Methods for secure enrollment and backup of personal identity credentials into electronic devices

ABSTRACT

A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.

RELATED U.S. APPLICATION DATA

This application is a continuation of U.S. patent application Ser. No.10/635,762, filed on Aug. 6, 2003, entitled “Methods For SecureEnrollment And Backup Of Personal Identity Credentials Into ElectronicDevices,” now U.S. Pat. No. 7,590,861, which claims priority under 35USC 119(e) to provisional patent application Ser. No. 60/401,399 filedon Aug. 6, 2002 entitled, “A Secure Enrollment Process for a BiometricPersonal Identification Device,” each of which is hereby incorporated byreference in its entirety.

This application is related to U.S. patent application Ser. No.12/190,058, entitled “Methods for Secure Enrollment Of Personal IdentityCredentials Into Electronic Devices,” and U.S. patent application Ser.No. 12/190,061, entitled “Methods for Secure Backup of Personal IdentityCredentials for Electronic Devices” and U.S. patent application Ser. No.12/190,064, entitled “Methods for Secure Restoration of PersonalIdentity Credentials Into Electronic Devices,” each filed on Aug. 12,2008, and each of which is incorporated herein by reference theirentirety.

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates generally to the field of information security,and more particularly to an enrollment process for devices capable ofstoring and releasing personal identity credentials based onauthentication of a human fingerprint.

2. Necessity of the Invention

Devices and applications that use biometric authentication areincreasing in popularity and frequency of use in applications whereinformation security and privacy is critical. The success rates ofdevices that use biometrics as a form of authorization are dependent onthe accuracy of the process by which information is associated with thebiometric; for example, it must not be possible for John Doe tointercept Jane Doe's enrollment process and enroll Jane Doe'scredentials into a device with his fingerprint. A generalized enrollmentprocess includes capturing a biometric sample, ensuring the legitimacyof the sample and the individual providing the sample, storing thebiometric sample in the appropriate location in the device, and enablingaccess rights to the enrolled individual. If this enrollment process isperformed incorrectly or ineffectively then the process of biometricauthentication and the implicit guarantee of enhanced security areeasily defeated.

A variety of portable electronic devices with biometric authenticationare available to consumers. These include Hewlett Packard's iPAQ PocketPC h5450, 3M-AiT's VeriMe, Privaris' BPID™ Security Device, and Sony'sFIU-900 Puppy®. Each device is capable of storing fingerprints andperforming on-board matching. Several of these products are configurableto allow use of cryptographic keys after proof of biometricidentification. As discussed in the following section, ownership ofcryptographic keys is typically used as a form of remote identificationwhen individuals are communicating digitally. It is imperative, then,that the fingerprint is definitively linked to an individual, so thatthe cryptographic keys cannot be misused.

Furthermore, because the enrollment process must necessarily bestringent, and likely time-consuming, it is desirable to have a simplemethod of archiving and restoring enrolled credentials and fingerprints.Clearly the method must be inherently secure, because the entireenrollment process could be overridden by a compromise of the backupprocess.

DESCRIPTION OF THE RELATED ART

Public Key Infrastructure

The public key infrastructure (PKI) and digital certificates are verycommon and, when used correctly, can be used to guarantee a‘cryptographic identity’ of an individual. The most common form of thePKI uses the RSA algorithm, which is now freely available to the public.

To use the PKI, an individual—Alice—applies for a digital certificatefrom a trusted authority. After a substantive background investigatoryprocess, the trusted authority decides that Alice is who she claims tobe and decides to issue a digital certificate. The certificate includesa public key, one half of an asymmetric key pair, which is assigned onlyto Alice. She retains the other half of the key pair, the private key.Due to the fundamental principles of public key cryptography, anythingencrypted by the Alice's private key can only be decrypted using herpublic key, and vice versa. Alice is free to distribute the digitalcertificate and the public key to whomever she wishes.

When another individual, Bob, wishes to send a message to Alice, heencrypts it with her public key. Alice receives the encrypted messageand uses her private key to decrypt it. Because Alice is the uniqueowner of her public key, Bob knows that she possesses the unique andaccompanying private key. Additionally, Bob sees that a trustedauthority, which he knows performs substantive background checks, issuedthe digital certificate issued to Alice. He is assured that the onlyperson who can read the message is truly Alice. This assures one-waysecurity.

However, Alice cannot be sure that Bob sent her the message, because herpublic key is freely accessible. To combat this problem, Bob alsorequests and receives a digital certificate from a trusted authority.Bob writes his message and then creates a digital signature for themessage. He first creates a hash of the message; this process creates afixed-length string that is unique to the message but cannot be used todeduce the message. He then encrypts this hash using his private key andappends the encrypted hash to his message. The message and encryptedhash are now encrypted with Alice's public key, and transmitted to her.

Alice first decrypts the message with her private key. She can now readthe message, as described above. However, she also has the encryptedhash, which she can use to verify that Bob sent the message. She usesBob's public key to decrypt the digital signature and obtain the hash.Alice then hashes the received message herself, using the same hashalgorithm as Bob. If she obtains the same hash value as the onetransmitted by Bob, she is assured that the message has not changed, andthat he did actually send the message.

Enrollment Processes

3M-AiT's VeriMe stores a biometric template and a cryptographic privatekey for one user. When the user wishes to use the cryptographic privatekey, he or she must supply the correct biometric template. According tothe VeriMe fact sheet, the private key is generated at the time of“secure registration” of the fingerprint. However, the fact sheet doesnot describe the secure registration or what it entails; it also doesnot discuss a secure backup and recovery process.

Biometric Associates (BAI) produces a fingerprint sensor that can beembedded into a smartcard. The smartcard can then be used to performlocal biometric authentication, like the devices described above.According to BAI's website, the cards can enroll up to eight users withthe use of a BAI Enrollment Station. The Enrollment Station providesexternal equipment necessary to instruct the smartcard to startenrolling fingerprints and personal credentials. However, the publishedinformation does not describe a secure cryptographic process foraccomplishing this. It also does not describe secure backup and recoveryprocesses.

BRIEF SUMMARY OF THE INVENTION

The invention disclosed herein describes processes for securelyenrolling personal identity credentials into devices with means forpersonal identification. For example, a handheld computer with abiometric sensor may use enrolled fingerprints to identify a user whenhe requests access to stored information. The enrollment of thefingerprint must tie the user definitively to the fingerprint so thatfuture authorizations are valid.

The invention described herein provides a process for enrollment whereina manufacturer of a personal identification device records serialnumbers or another unique identifier for each device that it produces,along with a self-generated public key for each device. An enrollmentauthority is recognized by the manufacturer or another suitableinstitution as capable of validating an individual before enrolling himinto the device—maintains and operates the appropriate equipment forenrollment, and provides its approval of the enrollment.

The methods described herein are directed to post-manufacturingprocesses for the device, as well as the enrollment itself.Additionally, the invention describes methods for securely archivingenrolled personal identity credentials. This is to allow users torestore previously validated credentials into a new device withoutrequiring a completely new enrollment. Correspondingly, the inventiondescribes the restoration process, in which the stored credentials aresecurely downloaded into the new device.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1: Post-manufacturing process

-   -   101 Provide manufacturer's public key to device    -   102 Generate key pair for device    -   103 Provide device' public key and unique ID to manufacturer    -   104 Create digital certificate for device    -   105 Provide digital certificate to device    -   106 Store device' public key and unique ID    -   107 Disable device

FIG. 2: Enrollment

-   -   201 Request permission from enrollment authority to enroll        credentials into device    -   202 Validate the request    -   203 Present device' digital certificate    -   204 Verify that device is true owner of the certificate    -   205 Present enrollment authority's digital certificate    -   206 Verify that enrollment authority is true owner of the        certificate    -   207 Create a session key    -   208 Complete enrollment, encrypting with the session key

FIG. 3: Backup

-   -   301 Create symmetric biometric encryption and decryption key    -   302 Encrypt the biometric with the symmetric biometric        encryption and decryption key    -   303 Divide the symmetric biometric encryption and decryption key        into two parts    -   304 Encrypt first part with a passphrase    -   305 Digitally sign second part with primary device' private key    -   306 Encrypt digital signature and second part of symmetric        biometric encryption and decryption key with the controller's        public key    -   307 Create symmetric personal identity credential encryption and        decryption key    -   308 Digitally sign personal identity credential with primary        device' private key    -   309 Encrypt credential with symmetric personal identity        credential encryption and decryption key    -   310 Divide symmetric personal identity credential encryption and        decryption key    -   311 Encrypt first part of symmetric personal identity credential        encryption and decryption key with passphrase    -   312 Digitally sign second part of symmetric personal identity        credential encryption and decryption key with primary device'        private key    -   313 Encrypt digital signature and second part of symmetric        personal identity credential encryption and decryption key with        controller's public key    -   314 Store the encrypted biometric, encrypted credentials, and        encrypted symmetric biometric encryption and decryption key and        symmetric personal identity credential encryption and decryption        key in an electronic storage repository    -   315 Provide user with a digital certificate containing the        primary device' public key

FIG. 4: Restoration

-   -   301 Access the electronic storage repository    -   302 Obtain both parts of the symmetric biometric encryption and        decryption key    -   303 Decrypt the first part with a passphrase    -   304 Decrypt the second part and the digital signature with the        controller's private key    -   305 Verify the digital signature using the primary device'        public key    -   306 Combine both parts of the symmetric biometric encryption and        decryption key    -   307 Decrypt the biometric    -   308 Store the biometric in the secondary device    -   309 Obtain both parts of the symmetric personal identity        credential encryption and decryption key    -   310 Decrypt the first part with a passphrase    -   311 Decrypt the second part and the digital signature with the        controller's private key    -   312 Verify the digital signature using the primary device'        public key    -   313 Combine both parts of the symmetric personal identity        credential encryption and decryption key    -   314 Decrypt the personal identity credential and the associated        digital signature    -   315 Verify the digital signature using the primary device'        public key    -   316 Store the personal identity credential in the secondary        device

FIG. 1 is a flow chart illustrating the post-manufacturing process for apersonal identification device.

FIG. 2 is a flow chart illustrating the process for enrolling personalidentity credentials into the personal identification device.

FIG. 3 is a flow chart illustrating the backup process for securelystoring personal identity credentials for future restoration.

FIG. 4 is a flow chart illustrating the restoration process.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The following detailed description is of the best presently contemplatedmodes of carrying out the invention. This description is not to be takenin a limiting sense, but is made merely for the purpose of illustratinggeneral principles of embodiments of the invention.

The invention disclosed herein provides a process for securely enrollingindividuals into devices with means for personal identification via useof biometric authentication (hereafter referred to as ‘personalidentification devices’). Because these devices are intended for use astrusted authentication devices, it is imperative that all of theinformation stored within the device be placed there in such a mannerthat it cannot be altered without proper authorization. There are twoparticipants in the enrollment process, the manufacturer of the personalidentification device and an enrollment authority.

The enrollment process includes identifying the devicepost-manufacturing and enrolling personal identity credentials and anassociated biometric into the personal identification device.Furthermore, the invention also discloses methods for creating securebackup and recovery processes, such that an individual may securelystore the enrolled information in an electronic storage repository, suchas a hard drive. If his personal identification device fails he can usethe recovery process to transfer the stored, enrolled information to anew device.

The two participants in the enrollment process must be definitely andseparately identified for proper enrollment. The first participant inthe enrollment system is the manufacturer of the personal identificationdevice. The manufacturer is responsible for maintaining a database ofunique identifiers, such as serial numbers, for all of the devices thatit produces. This enables it later to determine if it manufactured aparticular device. The second party is an enrollment authority, which isresponsible for investigating, authorizing and performing individuals'requests for enrollment into a personal identification device. Thisparticipant may be a Department of Motor Vehicles, a building securityofficer, or any other person or organization responsible for issuingpersonal identification devices.

Initial Enrollment

This enrollment system uses the PKI described above. Each manufacturerand enrollment authority is provided with at least one asymmetric keypair that can be used for identification and encryption. The key pairsmay be self generated, but the public key for each must be placed in adigital certificate signed by a trusted authority. Additionally, themanufacturer may wish to sign digital certificates owned by theenrollment authority as means for guaranteeing its approval of theenrollment authority.

FIG. 1 demonstrates the post-manufacturing process that begins theenrollment process for a personal identification device. Immediatelyfollowing manufacturing, each personal identification device receives apublic key possessed by its manufacturer (step 101). In the preferredembodiment this key is received as part of a digital certificate. Thepersonal identification device can use this public key to verify thedigital signature on messages transmitted from the manufacturer andaccept them as legitimate instructions. This step requires that themanufacturing process be secure and tamper-resistant; receiving a keyother than a trusted manufacturer's would directly compromise futuresecurity verifications.

The personal identification device now generates an asymmetric key pairfor itself (step 102). The public key and the device's unique identifierare sent to the manufacturer (step 103). The manufacturer, or otherlegitimate certificate authority, generates a digital certificate forthe device (step 104). This is now sent back to the device, and can besigned by the manufacturer as a token of its legitimacy (step 105). Themanufacturer keeps a record of the device's public key and its uniqueidentifier for future reference (step 106). At this point allfunctionality within the personal identification device is disabled,such that it is in a state waiting for future enrollment (step 107).

As seen in FIG. 2, upon receipt of a personal identification device, anindividual requests enrollment rights from an enrollment authority (step201). This may require that the individual be physically present in aspecified location, or may be performed remotely. The enrollmentauthority may establish all rules pertaining to the applicantverification process. The security and authenticity of the personalidentification device is only as good as that of the verificationprocess, so it is anticipated that these processes will be as stringentas required by the end application.

After approving the applicant, the enrollment authority receives thepersonal identification device's digital certificate (steps 202 and203). The enrollment authority validates the digital certificate byprompting the device to encrypt a predetermined string with its privatekey (step 204). The enrollment authority now decrypts the encryptedstring using the public key stored in the device' digital certificate,and verifies that the decrypted string matches the predetermined string.At this point the personal identification device will receive and verifythe validity of the enrollment authority's digital certificate (steps206 and 206). It performs the same prompt and verification processdescribed above, and can also verify the manufacturer's signature on thecertificate if one exists. After confirming the legitimacy of theenrollment authority, the personal identification device creates asession key and securely releases it to the enrollment authority (step207). The personal identification device and the enrollment authoritycan now communicate freely using the session key (step 208). Thebiometric may be downloaded into the personal identification devicealong with the personal identity credentials, or may alternatively besensed locally using the device and stored locally. The enrollmentprocess, at this stage, is application-dependent and requires theestablishment of requisite credentials, etc., which are not coveredwithin the scope of this invention.

Restoration Processes

It may be necessary in some cases to provide a backup of at least oneenrolled personal identity credential and biometric. The backup may beused in the event that the personal identification device fails, suchthat the individual may re-enroll a new personal identification devicewithout undergoing the entire process described above; these devices arereferred to as the ‘primary personal identification device’ and the‘secondary personal identification device,’ respectively.

Backup

There are two distinct parts of the restoration process. The first partdescribes a method for archiving the enrolled personal identitycredential, which allows an enrolled individual to securely store hispersonal identity credential and biometric to a user-accessible computerdisk or other electronic storage repository. This data is onlyaccessible with permission from a device manufacturer, an enrollmentauthority, or a recovery authority, as specified by the implementer ofthe system. In the primary embodiment, this system controller will bethe manufacturer of the primary personal identification device. Thesecond part of the restoration process describes a method for restoringthe stored data to the secondary personal identification device.

As seen in FIG. 3, the primary personal identification device generatesa symmetric biometric encryption and decryption key (step 301). This keyis used for encrypting a digital representation of the enrolledbiometric (step 302), which can be used to unlock the archived personalidentity credential(s). After encryption of the biometric, the symmetricbiometric encryption and decryption key is divided into two unique anddistinct parts (step 303); the scheme of separation may be selected atthe discretion of the system implementer. The first part of thesymmetric biometric encryption and decryption key is encrypted with auser-selected passphrase (step 304). The second part of the symmetricbiometric encryption and decryption key is signed by a private keypossessed by the primary personal identification device (step 305), andis then encrypted with a public key owned by the system controller (step306). As described above, in this embodiment the system controller isthe primary personal identification device manufacturer. Using themanufacturer's public key forces an individual to request restorationprivileges from the manufacturer during restoration, because theindividual needs the manufacturer to decrypt the data with its privatekey. This is discussed in further detail below.

The primary personal identification device then generates a symmetricpersonal identity credential encryption and decryption key (step 307),which is used for encrypting at least one enrolled personal identitycredential. The primary personal identification device first digitallysigns the personal identity credential, using a private key (step 308),and then encrypts the personal identity credential and associateddigital signature (step 309). Similarly to the scheme described above,the symmetric personal identity credential encryption and decryption keyis divided (step 310) into two unique and distinct parts. The first partis encrypted with a user-selected passphrase (step 311), which may ormay not be the same passphrase as used above. The second part is againsigned by the device' private key (step 312) and encrypted with themanufacturer's public key (step 313).

All of the encrypted and/or signed data—the biometric, the symmetricbiometric encryption and decryption key, the personal identitycredential, and the symmetric personal identity credential encryptionand decryption key—are now stored in an electronic storage repository(step 314). In typical embodiments the electronic storage repositorycould be a computer hard drive, floppy disk, or network drive. Theprimary personal identification device releases its digital certificateto the individual for future use of its public key (step 315).

Restoration

As seen in FIG. 4, when an individual receives a secondary personalidentification device, and wishes to restore data from a primarypersonal identification device, he must access the electronic storagerepository (step 401). The individual must first acquire the twoencrypted and/or signed parts of the symmetric biometric encryption anddecryption key (step 402). The secondary personal identification devicedecrypts the first part of the symmetric biometric encryption anddecryption key with the user's passphrase (step 403). It then requeststhe system controller, the manufacturer of the primary personalidentification device, to decrypt the second part of the symmetricbiometric encryption and decryption key and the associated digitalsignature using its (the manufacturer's) private key (step 404). Oncethe data has been decrypted, the secondary personal identificationdevice verifies the digital signature using a public key possessed bythe primary personal identification device (step 405). The two parts ofthe symmetric biometric encryption and decryption key are now combinedappropriately (step 406), and can be used to decrypt the biometric (step407). The biometric is now stored in an appropriate location within thesecondary personal identification device (step 408).

The individual now obtains the two encrypted and/or signed parts of thesymmetric personal identity credential encryption and decryption key(step 409). Similarly to the process described above, the secondarypersonal identification device decrypts the first part of the symmetricpersonal identity credential encryption and decryption key using auser-selected passphrase (step 410). It now requests the systemcontroller, the manufacturer of the primary personal identificationdevice, to decrypt the second part of the symmetric personal identitycredential encryption and decryption key and the accompanying digitalsignature using its private key (step 411). Again, the secondarypersonal identification device verifies the digital signature using apublic key possessed by the primary personal identification device (step412). The two parts of the key are reconstructed to form one key (step413). The key is now used to decrypt the personal identity credentialand the associated digital signature (step 414), and the signature isverified using a public key owned by the primary personal identificationdevice (step 415). The decrypted personal identity credential can now bestored appropriately within the secondary personal identification device(step 416).

While the description above refers to particular embodiments of thepresent invention, it will be understood that many modifications may bemade without departing from the spirit thereof. The accompanying claimsare intended to cover such modifications as would fall within the truescope and spirit of the present invention.

1. A method, comprising: receiving at a personal identification device apublic key before biometric data associated with enrollment is received;sending an identifier from the personal identification device to a partybased on the public key before biometric data associated with enrollmentis received, the identifier being uniquely associated with the personalidentification device; receiving at the personal identification device adigital certificate from the party based on the identifier beforebiometric data associated with enrollment is received; and disablingfunctionality within the personal identification device except that thepersonal identification device is in a wait state associated with futureenrollment.
 2. The method of claim 1, further comprising sending thepublic key from the personal identification device to the party afterthe receiving the public key.
 3. The method of claim 1, wherein thereceiving the digital certificate from the party is based on the publickey and the identifier.
 4. The method of claim 1, wherein the identifieris associated with an asymmetric key pair including a personalidentification device public key and a personal identification deviceprivate key.
 5. The method of claim 1, further comprising producing theidentifier at the personal identification device.
 6. The method of claim1, further comprising receiving at the personal identification devicethe identifier from the party.
 7. The method of claim 1, wherein thedigital certificate includes the public key.
 8. The method of claim 1,wherein the party is a manufacturer of the personal identificationdevice and separate from an enrollment party authorized to enableenrollment of the biometric data at the personal identification device.9. The method of claim 1, wherein the party is a first party, thepersonal identification device being configured to enroll the biometricdata from a second party different from the first party after thereceiving at the personal identification device the digital certificate.10. The method of claim 1, wherein the digital certificate includes dataassociated with the personal identification device.
 11. A method,comprising: sending a public key to a personal identification device;receiving an identifier from the personal identification device, theidentifier being uniquely associated with the personal identificationdevice; producing a digital certificate based on the identifier andbefore enrollment of biometric data; and sending the digital certificateto the personal identification device such that functionality of thepersonal identification device is disabled except that the personalidentification device is configured to send the digital certificate toan enrollment party during future enrollment.
 12. The method of claim11, wherein the producing of the digital certificate is based, at leastin part, on the public key.
 13. The method of claim 11, wherein thereceiving and the producing is performed by a first party, the methodfurther comprising: receiving at the first party a digital certificateuniquely associated with a second party different from the first party;adding a public key of the first party to the digital certificateassociated with the second party; and sending the digital certificateassociated with the second party from the first party to the secondparty.
 14. The method of claim 11, wherein the digital certificateincludes the public key.
 15. The method of claim 11, further comprisingproducing at the party an asymmetric key pair uniquely associated withthe party.
 16. The method of claim 11, wherein the public key isassociated with a manufacturer of the personal identification device andseparate from the enrollment party authorized to enable enrollment ofthe biometric data at the personal identification device.
 17. The methodof claim 11, wherein the personal identification device is configured toenroll biometric data from the enrollment party after the sending thedigital certificate.
 18. The method of claim 11, wherein the producingthe digital certificate is based on data associated with the personalidentification device.
 19. A method, comprising: receiving an encryptionidentifier at a personal identification device from a party duringpre-enrollment; receiving a digital signature at the personalidentification device from the party during pre-enrollment; theencryption identifier and the digital signature collectively configuredto enable verification of the party by the personal identificationdevice; and disabling functionality within the personal identificationdevice except for functionality associated with future enrollment. 20.The method of claim 19, wherein: the encryption identifier is a publickey; and the receiving the digital signature including receiving adigital certificate including the digital signature.
 21. The method ofclaim 19, wherein: the encryption identifier is a public key; and thereceiving the digital signature including receiving a digitalcertificate including the digital signature based on the public key. 22.The method of claim 19, wherein the party is a manufacturer of thepersonal identification device.
 23. The method of claim 19, wherein theparty is a first party, the personal identification device beingconfigured to enroll biometric data from a second party different fromthe first party after the receiving the encryption identifier and afterthe receiving the digital signature.
 24. The method of claim 19, whereinthe digital signature includes data associated with the personalidentification device.